Re^7: Any security holes?


Problems? Is your data what you think it is?
	PerlMonks

Re^7: Any security holes?

by haj (Vicar)

on Jun 28, 2022 at 13:43 UTC ( [id://11145148]=note: print w/replies, xml )

Need Help??

in reply to Re^6: Any security holes?
in thread Any security holes?

Your script attempts to write tainted data to the filesystem. Running in taint mode protects you from doing this ...

This is not how taint mode works. You can write tainted data to the file system just fine. It is passing tainted data to the OS (via the file system, starting processes and the like) where taint mode kicks in.

A frequent path to taint failures is whenever environment variables like e.g. $ENV{HOME} or $ENV{TMP} are used by Perl modules. This may also differ between platforms. For example, my current Linux desktops don't even have $ENV{TMP} defined, whereas on Windows it is usually set.

Comment on Re^7: Any security holes?

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://11145148]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others exploiting the Monastery: (3)

As of 2024-04-25 19:14 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found